freeipa.git/ipaplatform/base, branch custodia FreeIPA patches topology: manage ca replication agreements 2015-10-15T12:24:33+00:00 Petr Vobornik pvoborni@redhat.com 2015-07-15T09:17:14+00:00 fff31ca220311421f1ac8cef0888aaa892e97584 Configure IPA so that topology plugin will manage also CA replication agreements. upgrades if CA is congigured: - ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX - ipaReplTopoManagedSuffix: o=ipaca is added to master entry - binddngroup is added to o=ipaca replica entry Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Configure IPA so that topology plugin will manage also CA replication
agreements.

upgrades if CA is congigured:
- ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX
- ipaReplTopoManagedSuffix: o=ipaca is added to master entry
- binddngroup is added to o=ipaca replica entry

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Implement replica promotion functionality 2015-10-15T12:24:33+00:00 Simo Sorce simo@redhat.com 2015-06-11T19:45:38+00:00 d03619fff3a1eb7d21c2ba21f8867ae8018779b8 This patch implements a new flag --promote for the ipa-replica-install command that allows an administrative user to 'promote' an already joined client to become a full ipa server. The only credentials used are that of an administrator. This code relies on ipa-custodia being available on the peer master as well as a number of other patches to allow a computer account to request certificates for its services. Therefore this feature is marked to work only with domain level 1 and above servers. Ticket: https://fedorahosted.org/freeipa/ticket/2888 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
This patch implements a new flag --promote for the ipa-replica-install command
that allows an administrative user to 'promote' an already joined client to
become a full ipa server.

The only credentials used are that of an administrator. This code relies on
ipa-custodia being available on the peer master as well as a number of other
patches to allow a computer account to request certificates for its services.

Therefore this feature is marked to work only with domain level 1 and above
servers.

Ticket: https://fedorahosted.org/freeipa/ticket/2888

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Add ipa-custodia service 2015-10-15T12:24:33+00:00 Simo Sorce simo@redhat.com 2015-05-08T17:39:29+00:00 463dda30679da9ac5eea5683984002989965e2a5 Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Add a customized Custodia daemon and enable it after installation.
Generates server keys and loads them in LDAP autonomously on install
or update.
Provides client code classes too.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
paths: Add GENERATE_RNDC_KEY. 2015-10-05T15:45:51+00:00 Timo Aaltonen tjaalton@debian.org 2015-10-03T08:40:15+00:00 7059117ec32bfad8ec802d472b0f7d2b6cb12d2a Reviewed-By: Martin Basti <mbasti@redhat.com> 
Reviewed-By: Martin Basti <mbasti@redhat.com>
ipatests: configure Network Manager not to manage resolv.conf 2015-10-02T12:01:50+00:00 Milan KubĂ­k mkubik@redhat.com 2015-09-25T19:09:24+00:00 c22c60b87c101178e5e653cada53dfdb861d1ad0 For the duration of the test, makes resolv.conf unmanaged. If NetworkManager is not running, nothing is changed. https://fedorahosted.org/freeipa/ticket/5331 Reviewed-By: Martin Basti <mbasti@redhat.com> 
For the duration of the test, makes resolv.conf unmanaged.
If NetworkManager is not running, nothing is changed.

https://fedorahosted.org/freeipa/ticket/5331

Reviewed-By: Martin Basti <mbasti@redhat.com>
install: fix kdcproxy user home directory 2015-09-23T14:29:49+00:00 Jan Cholasta jcholast@redhat.com 2015-09-23T08:35:06+00:00 4c39561261e79fe1cfdef916eafbcb9c204e77e8 https://fedorahosted.org/freeipa/ticket/5314 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5314

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
platform: add option to create home directory when adding user 2015-09-23T14:29:49+00:00 Jan Cholasta jcholast@redhat.com 2015-09-23T11:09:44+00:00 859590337a1978eb216b9f4ec0750db2fd547a5a https://fedorahosted.org/freeipa/ticket/5314 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5314

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
ipa-backup: Add mechanism to store empty directory structure 2015-09-22T11:17:25+00:00 Tomas Babej tbabej@redhat.com 2015-09-17T15:09:33+00:00 cfeea91828ad47e1d321947d04f5f6de0e3d1c8c Certain subcomponents of IPA, such as Dogtag, cannot function if non-critical directories (such as log directories) have not been stored in the backup. This patch implements storage of selected empty directories, while preserving attributes and SELinux context. https://fedorahosted.org/freeipa/ticket/5297 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Certain subcomponents of IPA, such as Dogtag, cannot function if
non-critical directories (such as log directories) have not been
stored in the backup.

This patch implements storage of selected empty directories,
while preserving attributes and SELinux context.

https://fedorahosted.org/freeipa/ticket/5297

Reviewed-By: Martin Basti <mbasti@redhat.com>
install: support KRA update 2015-09-17T12:55:54+00:00 Jan Cholasta jcholast@redhat.com 2015-09-14T05:56:44+00:00 5137478fb8bba16d9cbecba53983c893dc0884d5 https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5250

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Using LDAPI to setup CA and KRA agents. 2015-09-07T16:01:13+00:00 Endi S. Dewata edewata@redhat.com 2015-08-27T04:44:29+00:00 72cfcfa0bd1e867537fcc788512e5fca20708b83 The CA and KRA installation code has been modified to use LDAPI to create the CA and KRA agents directly in the CA and KRA database. This way it's no longer necessary to use the Directory Manager password or CA and KRA admin certificate. https://fedorahosted.org/freeipa/ticket/5257 Reviewed-By: Martin Basti <mbasti@redhat.com> 
The CA and KRA installation code has been modified to use LDAPI
to create the CA and KRA agents directly in the CA and KRA
database. This way it's no longer necessary to use the Directory
Manager password or CA and KRA admin certificate.

https://fedorahosted.org/freeipa/ticket/5257

Reviewed-By: Martin Basti <mbasti@redhat.com>